What are the dangers of Facebook cloaking? Is it simply a case of someone being capable of seeing information that
the user wouldn't necessarily want them to see, or are there more devious attacks that the method will expose?
Ask the expert!
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)
There are two common types of Facebook cloaking. The first is used for potentially illicit search engine optimizing. The second is the more current version that was reported by Technology Review regarding how to make it difficult to be unfriended on Facebook. Facebook responded to the Technology Review report within 48 hours by deploying a modification to its user interface. So, while this may have been an issue, it has been resolved for now.
That second method of cloaking involved deactivating a Facebook account so that users could not remove the account from their "friends" list. This attack required a user to accept an account's friend request before the cloaker could then deactivate the account. At the time of the research, users couldn't unfriend deactivated accounts. This meant that an attacker could enable an account to download all of the content on a user's profile, then disable their account again before someone unfriended them.
Given that many users publish their Facebook updates as public and that few users ever clean up their friends list, it seems that just a few users could have been targeted by a Facebook cloaking attack. This was an important issue that needed a quick resolution because users should be able to remove accounts from their friends list regardless of the status of an account. That said, given Facebook's popularity, it's likely that attackers will continue to find and exploit similar flaws.
The bottom line is that this incident is just the latest wake-up call to remind users that constant vigilance is needed to guard against creative attackers constantly seeking to violate their privacy. If users are concerned enough about their security after this exposure to take steps to enhance their Facebook privacy and avoid security issues such as Facebook cloaking, they should be easily encouraged to use Facebook's privacy settings.
Dig deeper on Social media security risks and real-time communication security
Related Q&A from Nick Lewis, Enterprise Threats
Researchers reportedly succeeded in extracting decryption keys using sound-based attacks. Is this a threat enterprises should worry about?continue reading
The amount of malware using peer-to-peer communications has increased dramatically. Enterprise threats expert Nick Lewis explains how to detect P2P ...continue reading
Cloaked malware, like DGA.Changer, can reportedly evade sandbox detection. Nick Lewis explains how to handle the risk.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.